...
И добавьте в него строчку User user ALL=(ALL) ALL
Далее залогиньтесь под пользователем и продолжите работу из-под него.
...
Далее установите следующие пакеты:
sudo dnf update
sudo dnf upgrade
sudo dnf install ccid opensc pam_pkcs11
|
gdm-plugin-smartcard sudo dnf install -y sudo dnf install -y sudo dnf install -y nss-tools opensc krb5-pkinit
|
Загрузите модуль librtpkcs11ecp.so и установите:
sudo rpm -i dnf install /Путь_до_файла/librtpkcs11ecp-2X.6X.1X.0X-1X.x86_64 .rpm
|
Настройка DNS
Через консоль
...
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# dns_lookup_realm = false # Отключить поиск kerberos-имени домена через DNS
dns_lookup_kdc = true # Включить поиск kerberos-настроек домена через DNS
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# spake_preauth_groups = edwards25519
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
default_realm = ASTRADOMAIN.AD
pkinit_kdc_hostname = SERVER WIN-HAFG0T1O90S.ASTRADOMAIN.AD
pkinit_anchors = DIR:/etc/pki/ca-trust/source/anchors/
pkinit_identities = PKCS11:librtpkcs11ecp.so
pkinit_eku_checking = none
canonicalize = True
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5 preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5
[realms]
ASTRADOMAIN.AD = {
kdc = server WIN-HAFG0T1O90S.astradomain.ad # Primary Domain Controller
admin_server = server WIN-HAFG0T1O90S.astradomain.ad # Primary Domain Controller
default_domain = astradomain.ad # Domain name
}
[domain_realm]
.astradomain.ad = ASTRADOMAIN.AD
astradomain.ad = ASTRADOMAIN.AD
[appdefaults]
pam = {
debug = true
}
|
...